Open code423n4 opened 1 year ago
While technically valid, the issue doesn't risk the funds.
The submission should have been inside the QA report.
0xSorryNotSorry marked the issue as low quality report
Valid QA
alcueca changed the severity to QA (Quality Assurance)
alcueca marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Governance/TemporalGovernor.sol#L405
Vulnerability details
Impact
When executing a call in `TemporalGovernor` the error is supposed to "bubble" up: https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Governance/TemporalGovernor.sol#L399-L405
However, `string(returnData)` doesn't do what you expect as reverts are passed abi encoded:
The first 4 bytes of the revert result is the signature, like `Error(string)` (0x08c379a), similar to a function selector. Then follows the abi encoded string of the error. Simply casting this to a string will result in a string decode error.
Further reading here: https://ethereum.stackexchange.com/questions/83528/how-can-i-get-the-revert-reason-of-a-call-in-solidity-so-that-i-can-use-it-in-th
Hence the reasons for reverts will be misformatted as seen in my PoC below.
Proof of Concept
Test in `TemporalGovernorExec.t.sol`:
Revert:
Tools Used
Manual audit
Recommended Mitigation Steps
Consider taking the implementation from Uniswap (which originally is from https://ethereum.stackexchange.com/a/83577): https://github.com/Uniswap/v3-periphery/blob/main/contracts/base/Multicall.sol#L16-L23
Assessed type
Error
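The cast described in the report next to two ways of propagating the revert, as an added example that is not part of the original report, the Moonwell code base or the Uniswap code; `Callee`, `Executor` and all function names are hypothetical. `executeBubble` re-raises the raw revert bytes, which goes beyond the report by also preserving custom errors, while `executeDecode` follows the selector-stripping approach of the linked Multicall code.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example; all contract and function names here are hypothetical.
contract Callee {
    function fail() external pure {
        revert("not enough votes"); // constructed reason string
    }
}

contract Executor {
    // Lossy: returnData is a 4-byte selector plus an ABI-encoded string, not
    // plain text, so the caller gets that whole blob wrapped in a new Error(string).
    function executeCast(address target, bytes calldata data) external {
        (bool success, bytes memory returnData) = target.call(data);
        require(success, string(returnData));
    }

    // Re-raises the callee's revert data byte for byte, so Error(string),
    // Panic(uint256) and custom errors reach the caller unchanged.
    function executeBubble(address target, bytes calldata data) external {
        (bool success, bytes memory returnData) = target.call(data);
        if (success) return;
        if (returnData.length == 0) revert("call reverted without data");
        assembly {
            revert(add(returnData, 0x20), mload(returnData))
        }
    }

    // Strips the selector and decodes the reason; valid only for Error(string).
    // 68 = 4 (selector) + 32 (offset) + 32 (string length).
    function executeDecode(address target, bytes calldata data) external {
        (bool success, bytes memory returnData) = target.call(data);
        if (success) return;
        if (returnData.length < 68 || bytes4(returnData) != bytes4(keccak256("Error(string)"))) {
            revert("call reverted without a reason string");
        }
        assembly {
            returnData := add(returnData, 0x04)
        }
        revert(abi.decode(returnData, (string)));
    }
}
```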